Topic:
Security

O'Reilly Network articles about this topic:

Secure Your Linux Server
(Linux DevCenter)
Linux is a powerful and popular operating system kernel. That popularity means you might be running it even if you're not a dedicated Unix administrator or high-powered programmer. That doesn't mean that rock-solid security is out of your reach, though. Aaron Brazell shows how to make Red Hat 9 (and other Linux distributions) much more secure in a few easy steps.

Company-Wide Instant Messaging with Jabberd
(ONLamp.com)
Instant messaging is becoming as valuable a business tool as email, the telephone, or the computer. While public networks are free (but not under your control) and private installations are under your control (but expensive), you can easily run your own secure, free server using the open standards of the Jabber protocol. Oktay Altunergil shows how to install and configure jabberd and to integrate it into an existing business directory system.

Userspace Filesystem Encryption with EncFS
(Linux DevCenter)
Laptops and removable storage devices are convenient both for users and for thieves. While you can't always protect the device from wandering away, you can protect the data. EncFS, a user-level encrypted filesystem in a file, makes this possible. KIVILCIM Hindistan explains how.

Extreme System Administration
(SysAdmin DevCenter)
Learning from programmers seems like a horrible idea, but good developer teams work together productively to solve problems effectively and more efficiently than they could on their own. Why shouldn't system administrators borrow some of that magic? Andrew Cowie suggests that some ideas from Extreme Programming and Agile Development can improve the lives of SAs.

Distributed Cfengine
(SysAdmin DevCenter)
Automation is the most important skill an administrator can develop. Cfengine is great at automation and even supports distributed automation. Luke A. Kanies demonstrates how to distribute Cfengine rules to multiple machines.

Introducing Cfengine
(SysAdmin DevCenter)
Automation is the most important skill an administrator can develop. Learning tools that make automation easier usually pay off greatly. Luke A. Kanies claims that Cfengine may be the most important tool in your toolbox and introduces its use and design.

Adventures with Kerberos, CVS, and GSS-API
(Linux DevCenter)
One of the difficulties of writing about technology is exploring the dark corners where no one's ever been before. Jennifer Vesperman, author of the upcoming Essential CVS, recently tried to make her CVS installation use Kerberos authentication. She describes how she went about integrating the two in this article.

Buffer Overflows in sendmail
(Linux DevCenter)
Noel Davis looks at buffer overflows in sendmail; Snort; the gzprintf() function supplied with the zlib library; and the lprm utility under OpenBSD, as well as problems in BIND; file; tcpdump; terminal emulators; Internet
Message; and Messaging in the Emacs World.

Buffer Overflows in PHP Forms and mod_ssl
(Linux DevCenter)
In this week's Security Alerts, Noel Davis reports buffer overflow problems in PHP forms and mod_ssl, as well as security holes in Oracle 8 and 9 systems, User Mode Linux, and the webtop application of Caldera's Open UNIX and UnixWare systems.

Scanning for Rootkits
(Linux DevCenter)
When a hacker gets access to your system, he will leave himself an easy way back in, called a rootkit. Oktay Altunergil shows us how to detect rootkits and remove them.

Vulnerability in login
(Linux DevCenter)
In this week's Security Alerts, Noel Davis reports on a vulnerability that lets remote attackers access root through login, a problem in JRun Java app server software that exposes souce code of JavaServer pages, and a glitch in the script utility that lets users overwrite arbitrary files.

Understanding Rootkits
(Linux DevCenter)
Hackers have many tools that allow them to remain undetected during an attack. Understanding these tools is key to recognizing and cleaning up after an attack.

IPsec Tunneling Between FreeBSD Hosts
(BSD DevCenter)
IPSec encrypts data at the IP packet level, so insecure applications can be encrypted while travelling over the Internet. Mike DeGraw-Bertsch shows us how to set it up.

New Vulnerability in OpenSSH
(Linux DevCenter)
A new vulnerability in OpenSSH can be exploited by a local attacker to execute arbitrary code with the permissions of the root user. Noel Davis also covers problems in OpenBSD, wmtv, Auto Nice Daemon, NetDynamics, Xitami Web server, libgtop_daemon, xtel, Lotus Domino, OpenServer's setcontext and sysi86, SuSE's Postfix installation, and fml.

Buffer Overflow in WU FTP daemon
(Linux DevCenter)
In this week's Security Alerts, Noel Davis reports on a buffer overflow in a popular FTP daemon, as well as problems with procmail, Hypermail, and Red Hat and BSDI's UUCP applications.

A New Version of OpenSSH
(Linux DevCenter)
A new release of OpenSSH fixes a variety of bugs, including a security vulnerability, while Red Hat's Stronghold has a vulnerability that can be used to disclose sensitive system files. Details on these and more in this week's Security Alerts.

SSH Buffer Overflow
(Linux DevCenter)
The big news this week is that the SSH Communications Security recommends that users stop using the SSH1 protocol and replace it with SSH2. Users of OpenSSH should upgrade to version 2.3.0 as soon as possible. Learn more about the SSH buffer overflow problem, plus other alerts, in this column.

A DoS Attack via Tux
(Linux DevCenter)
In this week's Security Alerts, Noel Davis highlights a DoS attack on Tux, the Web server in the Linux kernel, and other vulnerabilities in open source software, Novell, Cisco, and Mac OS 10.1.

Linux syncookies Vulnerability and an scp/sftp bug
(Linux DevCenter)
In this week's Security Alerts, Noel Davis reports on a vulnerability in the cookie used by netfilter, a weakness that allows an attacker to access the Web admin template in Lotus Domino, and a bug in some versions of scp and sftp.

Linux Buffer Overflows and an old SSH Daemon
(Linux DevCenter)
In this week's Security Alerts, Noel Davis reports on a bug in the Linux kernel that can allow files that exceed a user's quota limits; an old daemon hanging around in SSH 2; and vulnerabilities in Red Hat's printing system.

A Root Exploit and DoS in the Linux Kernel
(Linux DevCenter)
In this week's Security Alerts, Noel Davis looks at a root exploit and a denial-of-service attack in the Linux kernel; buffer overflows in Snes9x and Oracle 9i Web Cache; and problems in PAM's login, Squid, Apache, Mac OS X, W3Mail, sdiff, and looking-glasses.

Firing up Firewalls
(ONLamp.com)
A firewall is an important weapon in your defense against hackers. Chris Coleman helps you get started with all the tools needed to install a firewall.

PAM Modules
(Linux DevCenter)
While most Pluggable Authentication Modules are designed for authentication, programmers have written ones to handle a host of other issues. Jennifer Vesperman introduces to some of the more useful modules available.

OpenSSH Problems
(Linux DevCenter)
In this week's Security Alerts, Noel Davis reports that sftp is the weakest link in OpenSSH. Find out what to do about it and problems with Websphere, Red Hat setserial, and Apache running on OS X.

Introduction to PAM
(Linux DevCenter)
Pluggable Authentication Modules provide a solution to the difficulties of user authentication. Jennifer Vesperman introduces PAM and helps you get started.

Buffer Overflows in uidadmin
(Linux DevCenter)
In Security Alerts for Sept. 24, 2001, Noel Davis warns about buffer overflows in Open Unix and UnixWare's uidadmin, an exploit in glFTPD, a vulnerability in the Web-based email system Basilix, and more.

Tools of the Trade: Part 1
(Linux DevCenter)
In this first of a three-part series, Carl Constantine covers tools and techniques that system administrators can use to protect their networks, including discussion of nmap, Ethereal, and how to set up honey pots.

IPFW Logging
(BSD DevCenter)
Firewalls can potentially block huge amounts of traffic. Dru Lavigne shows us how to fine-tune our firewall logs to reveal the traffic that concerns us most.

Remote Root Exploit in QPopper
(Linux DevCenter)
Noel Davis shows us buffer overflows in the Solaris mail utility, Qpopper, and TIAtunnel; temporary-file race conditions in Imp, kmmodreg, and ispell; format-string vulnerabilities in GnuPG and exim; denial-of-service attacks against NetBSD and Fpf; and problems in OpenSSH, the Cisco Content Service Switch, and BestCrypt.

Proper Paranoia: Educating Your Co-Workers
(ONLamp.com)
Michael Lucas runs a new security trainee through the gauntlet of patching live servers. He also shows how to instill a healthy attitude toward network security in those you work with by teaching them to be properly paranoid.

Apache.org Server Compromised
(Linux DevCenter)
Noel Davis shows us the compromise of the Apache Software Foundation Server; buffer overflows in yppasswd, Qpopper, and mailtool; vulnerabilities in TWIG, webmin, and GnuPG; a new type of attack against sendmail; and discuss the use of the user nobody.

Carnivore: A System Admin's Concerns
(Linux DevCenter)
The packet-sniffing Carnivore box gives the FBI the ability to nab and read a suspect's e-mail and web page requests. But those are abilities every sysadmin already has, so why are we so upset?

Lion Worm Continues Rampage
(Linux DevCenter)
Noel Davis shows us the Lion worm; a race condition in the Linux kernel; buffer overflows in several SCO Unix utilities; a new version of MySQL that fixes a major security problem; vulnerabilities in some Cisco routers, switches, and concentrators; and problems with Raptor Firewall, CrazyWWWBoard, Solaris tip, and Pitbull LX.

Beyond Firewalls
(Linux DevCenter)
Now that you have your firewall up and running, you're all set, right? Well, not exactly. Carl Constantine explains how to plug some of the common security holes beyond the firewall.

MySQL File Overwrite Vulnerability
(Linux DevCenter)
Noel Davis shows us a buffer overflow in ASPSeek; a denial of service attack against timed; a new version of OpenSSH with many improvements; an attack against the private keys used by GnuPG; a race condition in the UFS and EXT2FS file systems; and problems with MySQL, VIM, FCheck, Solaris perfmon, Interchange, and Compaq's management software.

IBM Websphere, Shockwave Flash, and emacs Advisories
(Linux DevCenter)
Problems this week include minor problems with sendmail, exposure problems with Lotus Domino, problems in the default setup of Informix Webdriver and IBM Websphere Commerce Suite, a buffer overflow in Shockwave Flash, denial of service attacks against login, privacy problems in emacs, symlink attack in exmh, and a potential exploit against GTK+.

PalmOS, Half-Life Server, and Ethereal Vulnerabilities
(Linux DevCenter)
Problems this week include more symlink problems with catman and dialog, buffer overflows in oops, halflifeserver, and ethereal, key problems with gnupg, problems with PalmOS devices, and a prime example of amazing vulnerabilities in third-party software packages.

Security Alerts: SAMBA, pine, ircd, and More
(Linux DevCenter)
Noel Davis summarizes recent open source and Unix security-related advisories. Problems this week include symlink problems with joe, pico, and samba, a buffer overflow in bftpd, and problems with pine.

Security Alerts: KTH Kerberos, Red Hat PAM, and More
(Linux DevCenter)
Noel Davis summarizes open source and Unix exploits. Problems this week include local and remote root exploits in KTH Kerberos, buffer overflows in Red Hat's PAM, a discussion of security problems with web-based applications, and an example of one of these security problems in phpGroupWare.

Commercial Python IDEs
(Python DevCenter)
Python developers looking for a commercial IDE now have a choice, PythonWorks 1.1 or WingIDE.

Security Alerts: Twig, Midnight Commander, and More
(Linux DevCenter)
Noel Davis summarizes published open source and Unix exploits. Problems this week include arbitrary code execution in Twig, new symlink attacks, a hidden control code attack on Midnight Commander, and a LANGUAGE attack on glibc.

Open RSA: The Patent Expires
(Linux DevCenter)
RSA Security released its rights to license the patent on the RSA encryption algorithm, just weeks before it was due to expire. What is RSA, and what does its patent expiration mean?

Is Carnivore Eating You?
(Linux DevCenter)
The FBI wants to install black boxes at ISPs to monitor email traffic of suspects. What are civil libertarians doing to try to stop it?

Other documents about this topic:

Below are other references available on the web for this topic. Since other sites may change their links, please
if you find any that may need to be updated.

Get Acquainted with Linux Security and Optimization System
An essential guide for network administrators, Mourani provides guidance on installing a Red Hat Linux server that is configured for a high level of security and performance. He offers useful advice on a custom installation, including which packages are unnecessary. It includes sections on backups, firewall security, Sendmail configuration and covers setup of many other technologies including Samba and Squid.
This document is only available in PDF.
[Source: Linux Powered]